CompTIA CASP+ Practice Test

Which action can a security administrator take to mitigate issues from malware spreading over UDP Port 8320?

• A. Add rules for all outgoing traffic on the firewall.
• B. Regularly update antivirus software on all machines.
• C. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
• D. Run a network monitoring tool for real-time feedback.

The correct answer is: Add an explicit deny-all and log rule as the final entry of the firewall rulebase.

Adding an explicit deny-all and log rule as the final entry of the firewall rulebase is a highly effective action for mitigating malware spread over UDP Port 8320. This approach ensures that any packets which do not match previous, more specific allow rules will be dropped by the firewall, effectively preventing unauthorized or malicious traffic from passing through. By logging this activity, the security administrator can gain insight into any attempts to exploit the UDP port, allowing for timely analysis and response to potential threats. This logging mechanism also contributes to overall incident response procedures, as it provides valuable information on what traffic is being blocked and can assist in identifying malware activity. The other options, while they could provide some level of security, do not specifically address the immediate issue of controlling traffic on a specific UDP port. For instance, simply adding rules for all outgoing traffic may not effectively manage specific threats on that port. Regularly updating antivirus software is essential for overall security hygiene, but it won't directly control or monitor network traffic. Running a network monitoring tool can provide insights but does not actively prevent the spread or block malicious traffic, which is crucial in this scenario.